A block cipher (unlike a stream cipher) is designed to encrypt a given amount (length) of data in one pass of the cipher: the so-called block size. When a message having more data than the defined block size is to be encrypted, various known modes of cryptographic operation may be used in addition to the straightforward approach of just partitioning the message into blocks and encrypting each block while padding the last block with null characters to achieve the defined block size. Classical modes of operation used with block ciphers are CBC (cipher-block chaining), ECB (electronic codebook), etc. They enable one encrypt or decrypt a message of any length using any block cipher. This is done using such padding: if a message has a size that is not an integer multiple of the block cipher block size (see FIG. 1, top), prior to encryption, a set of padding (e.g., null) bits is concatenated to the message (see FIG. 1, middle), to finally obtain a message length which is an integer multiple of the block size (see FIG. 1, bottom). This padded message is then encrypted. The padding bits are removed after decryption. While this is the standard method, it has a major drawback in the case of encryption (or decryption) obfuscation: the padded message to be encrypted (decrypted) always has the property that its size is a multiple of the standard cipher block size, see FIG. 1, bottom. This property greatly helps an attacker to understand the associated cipher as expressed in computer code: for instance with the AES cipher, the attacker knows the message size is a multiple of the 16 bytes block size when he wants to find input/output blocks of the AES state.
The AES cipher is approved as an encryption standard by the U.S. Government. Unlike its predecessor DES (Data Encryption Standard) or the triple DES cipher, it is a substitution permutation network (SPN). AES is fast to execute in both computer software and hardware implementation, relatively easy to implement, and requires little memory. AES has a fixed block size of 128 (16B) bits and a key size of 128, 192 or 256 bits. Due to the fixed block size of 128 bits, AES operates on a 4×4 array of the 16 bytes. It uses key expansion and like most block ciphers a set of encryption and decryption rounds (iterations). Block ciphers of this type include in each round use of substitution boxes (S-boxes). This operation provides non-linearity in the cipher and significantly enhances security.
Note that these block ciphers are symmetric ciphers, meaning the same key is used for encryption and decryption. As is typical in most modern ciphers, security rests with the (secret) key rather than the algorithm. The S-boxes accept an n-bit input and provide an m-bit output. The values of m and n vary with the cipher and the S-box itself. The input bits specify an entry in the S-box in a particular manner well known in the field.